go>> gatekeeper>> 返回
项目作者: nstapelbroek

项目描述 :
A poor man's access control for cloud- security groups and firewalls. Enable deployments by temporary whitelisting addresses!
高级语言: Go
项目地址: git://github.com/nstapelbroek/gatekeeper.git
创建时间: 2018-01-07T21:23:21Z
项目社区:https://github.com/nstapelbroek/gatekeeper
开源协议:MIT License
下载


Gatekeeper

Build Status
Go Report Card
GitHub license

Temporary allow access to your cloud infrastructure by signaling the gatekeeper. Allowing your build pipeline to deploy behind a firewall.

Supported environments

Provider Product Name Required Environment Variables
Vultr Firewall VULTR_PERSONAL_ACCESS_TOKEN, VULTR_FIREWALL_ID
Digitalocean Cloud Firewalls DIGITALOCEAN_PERSONAL_ACCESS_TOKEN, DIGITALOCEAN_FIREWALL_ID
AWS EC2 Security Groups AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_REGION, AWS_SECURITY_GROUP_ID
AWS VPC Network ACLs AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_REGION, AWS_NETWORK_ACL_ID

Getting Started

Installation

  1. Download a release binary or use a Docker image
  2. Retrieve your cloud provider API keys. DigitalOcean even has docs for this.
  3. Configure your application by passing environment variables. See these examples below:

Docker:

  1. docker run -p 8080:8080 -e DIGITALOCEAN_PERSONAL_ACCESS_TOKEN=REPLACE_ME -e DIGITALOCEAN_FIREWALL_ID=REPLACE_ME nstapelbroek/gatekeeper:latest

Standalone binary:

  1. DIGITALOCEAN_PERSONAL_ACCESS_TOKEN=REPLACE_ME DIGITALOCEAN_FIREWALL_ID=REPLACE_ME ./gatekeeper

Usage

After installing and running the application you can fire an HTTP POST towards it to temporary whitelist your given IP at the cloud provider.
By default the gatekeeper will open TCP port 22 (for SSH). You can change the port of protocol in the configuration.

A simple example:

  1. curl -X POST http://localhost:8080

You can configure the timeout or ip address per request basis by sending it as a form-encoded or json payload. The example below will use your public IP:

  1. curl -X POST -s -d 'ip='$(curl -s https://ifconfig.co/ip)'&timeout=60' http://localhost:8080

Configuration

Although this tool is meant to be very simple, you can configure it to your needs by changing some variables.

Variable Name Default value Notes
APP_ENV release Used to control the verbosity of log lines. Only release and debug are used.
HTTP_AUTH_USERNAME Used with to HTTP_AUTH_PASSWORD to shield the application with http basic auth.
HTTP_AUTH_PASSWORD See HTTP_AUTH_USENAME. Both values have to be provided.
HTTP_PORT 8080 Controls on which port the HTTP server will start.
RULE_CLOSE_TIMEOUT 120 When no timeout value is given on a request, this value in seconds will be used. Use 0 to permanently allow the IP address.
RULE_PORTS TCP:22 A comma separated list of ports to unblock on a request. Use a - to indicate a range. For example: TCP:20-22,UDP:20-22.

Development

If you wish to help building gatekeeper you can start with:

  1. Fork and clone the repository
  2. Install dependencies with go mod tidy
  3. Optionally you can install additional tooling like golangci-lint
  4. Start building! You can find some inspiration for changes in the issues or project board